Developing and Using Feasibility Evidence for Life Cycle Commitment Milestones (Charts with Notes)
July 2008
Barry Boehm and Jo Ann Lane
USC CSSE

Outline
• Nature, motivation for developing feasibility evidence
• Feasibility Evidence Description (FED) context and content
• Use of FEDs in life cycle commitment reviews
• Processes for developing FEDs
• Conclusions and references
• Backup charts: evaluation criteria, examples
©USC-CSSE
Nature of FEDs and Anchor Point Milestones
• Evidence provided by developer and validated by independent experts that: If the system is built to the specified architecture, it will
  • Satisfy the specified operational concept and requirements
    • Capability, interfaces, level of service, and evolution
  • Be buildable within the budgets and schedules in the plan
  • Generate a viable return on investment
  • Generate satisfactory outcomes for all of the success-critical stakeholders
• Shortfalls in evidence are uncertainties and risks
  • Should be resolved or covered by risk management plans
• Assessed in increasing detail at major anchor point milestones
  • Serves as basis for stakeholders’ commitment to proceed
  • Serves to synchronize and stabilize concurrently engineered elements
• Can be used to strengthen current schedule- or event-based reviews
Problems Encountered without FED: 15-Month Architecture Rework Delay
[Figure: cost versus Response Time (sec), axis 1 to 5. Labels: $100M, Required Architecture: Custom; many cache processors. $50M, Original Architecture: Modified Client-Server. Original Cost; Original Spec; After Prototyping.]
Problems Avoidable with FED
• Attempt to validate 1-second response time
  • Commercial system benchmarking and architecture analysis: needs expensive custom solution
  • Prototype: 4-second response time OK 90% of the time
• Negotiate response time ranges
  • 2 seconds desirable
  • 4 seconds acceptable with some 2-second special cases
• Benchmark commercial system add-ons to validate their feasibility
• Present solution and feasibility evidence at anchor point milestone review
  • Result: Acceptable solution with minimal delay
AT&T Experience with AP Reviews
The Incremental Commitment Life Cycle Process: Overview
[Figure: Stage I: Definition; Stage II: Development and Operations; Anchor Point Milestones. Callouts: Synchronize, stabilize concurrency via FEDs; Risk patterns determine life cycle process. 03/19/2008]
Key Point: Need to Show Evidence
• Not just traceability matrices and PowerPoint charts
• Evidence can include results of
  • Prototypes: of networks, robots, user interfaces, COTS interoperability
  • Benchmarks: for performance, scalability, accuracy
  • Exercises: for mission performance, interoperability, security
  • Models: for cost, schedule, performance, reliability; tradeoffs
  • Simulations: for mission scalability, performance, reliability
  • Early working versions: of infrastructure, data fusion, legacy compatibility
  • Previous experience
  • Combinations of the above
• Validated by independent experts
  • Realism of assumptions
  • Representativeness of scenarios
  • Thoroughness of analysis
  • Coverage of key off-nominal conditions
Off-Nominal Architecture-Breakers
[Figure: % of Cost to Fix SPR’s versus % of Software Problem Reports (SPR’s), both axes 0 to 100. Curves: TRW Project A, 373 SPR’s; TRW Project B, 1005 SPR’s. Major Rework Sources: Off-Nominal Architecture-Breakers: A - Network Failover; B - Extra-Long Messages.]
Common Examples of Inadequate Evidence
• Our engineers are tremendously creative. They will find a solution for this.
• We have three algorithms that met the KPPs on small-scale nominal cases. At least one will scale up and handle the off-nominal cases.
• We’ll build it and then tune it to satisfy the KPPs
• The COTS vendor assures us that they will have a security-certified version by the time we need to deliver.
• We have demonstrated solutions for each piece from our NASA, Navy, and Air Force programs. It’s a simple matter of integration to put them together.
Examples of Making the Evidence Adequate
• Have the creative engineers prototype and evaluate a solution on some key nominal and off-nominal scenarios.
• Prototype and evaluate the three examples on some key nominal and off-nominal scenarios
• Develop prototypes and/or simulations and exercise them to show that the architecture will not break while scaling up or handling off-nominal cases.
• Conduct a scaled-down security evaluation of the current COTS product. Determine this and other vendors’ track records for getting certified in the available time. Investigate alternative solutions.
• Have a tiger team prototype and evaluate the results of the simple matter of integration.
The Incremental Commitment Life Cycle Process: Overview
[Figure: Stage I: Definition; Stage II: Development and Operations; Anchor Point Milestones. Callouts: Concurrently engr. Incr.N (ops), N+1 (devel), N+2 (arch); Concurrently engr. OpCon, rqts, arch, plans, prototypes.]
Focus of Each Commitment Review
• Each commitment review evaluates the review package created during the current phase
  • Work products
  • Feasibility evidence
  • Prototypes
  • Studies
  • Estimates
  • Basis of estimates
• Goal is to determine if
  • Efforts should proceed into the next phase
    • Commit to next phase – risk acceptable or negligible
  • More work should be done in current phase
    • Do more work before deciding to commit to next phase – risk high, but probably addressable
  • Efforts should be discontinued
    • Risk too high or unaddressable
Exploration Phase Activities
• Protagonist identifies need or opportunity worth exploring
  • Service, agency, joint entity
• Protagonist identifies additional success-critical stakeholders (SCSs)
  • Technical, Managerial, Financial, DOTMLPF
• SCS working groups explore needs, opportunities, scope, solution options
  • Materiel and Non-Materiel options
  • Compatibility with Strategic Guidance
  • SCS benefits realization
  • Analysis of alternatives
  • Define evaluation criteria
  • Filter out unacceptable alternatives
  • Identify most promising alternative(s)
  • Identify common-special-case process if possible
• Develop top-level VCR/CD Package
• Approval bodies review VCR/CD Package
Major starting points in sequence, but activities concurrent
Top-Level VCR/CD Package
• Operations/life cycle concept
• Top-level system boundary and environment elements
• Benefits chain or equivalent
• Links initiatives to desired benefits and identifies associated SCSs
• Including production and life cycle support SCSs
• Representative operational and support scenarios
• Prototypes (focused on top development and operational risks), objectives, constraints, and priorities
• Initial Capabilities Document
• Leading solution alternatives
• Top-level physical, logical, capability and behavioral views
• Life Cycle Plan
• Key elements
• Top-level phases, capability increments, roles, responsibilities, required resources
• Feasibility Evidence Description
• Evidence of ability to meet objectives within budget and schedule constraints
• Evidence of ability to provide desired benefits to stakeholders
• Mission effectiveness evidence
ICM Anchor Point Milestone Content (1) (Risk-driven level of detail for each element)
ICM Anchor Point Milestone Content (2) (Risk-driven level of detail for each element) *WWWWWHH: Why, What, When, Who, Where, How, How Much
ICM Anchor Point Milestone Content (3) (Risk-driven level of detail for each element)
Overview of Example Review Process: DCR/MS-B
• Review Planning Tasks
  • Collect/distribute review products
  • Determine readiness
  • Identify stakeholders, expert reviewers
  • Identify review leader and recorder
  • Identify location/facilities
  • Prepare/distribute agenda
• Review Entrance Criteria
  • Successful FCR/MS-A
  • Required inputs available
• Review Inputs
  • DCR/MS-B Package: operational concept, prototypes, requirements, architecture, life cycle plans, feasibility evidence
• Perform Pre-Review Technical Activities
  • Experts, stakeholders review DCR/MS-B package, submit issues
  • Developers prepare responses to issues
• Conduct DCR/MS-B Review Meeting
  • Discuss, resolve issues
  • Identify action plans, risk mitigation plans
• Review Exit Criteria
  • Evidence of DCR/MS-B Package Feasibility validated
  • Feasibility shortfalls identified as risks, covered by risk mitigation plans
  • Stakeholder agreement on DCR/MS-B package content
  • Stakeholder commitment to support Development phase
  • All open issues have action plans
• Review Outputs
  • Action plans
  • Risk mitigation plans
• Post Review Tasks
  • Publish review minutes
  • Publish and track open action items
  • Document lessons learned
Lean Risk Management Plan: Fault Tolerance Prototyping
1. Objectives (The “Why”)
  • Determine, reduce level of risk of the fault tolerance features causing unacceptable performance (e.g., throughput, response time, power consumption)
  • Create a description of and a development plan for a set of low-risk fault tolerance features
2. Deliverables and Milestones (The “What” and “When”)
  • By week 3
    1. Evaluation of fault tolerance option
    2. Assessment of reusable components
    3. Draft workload characterization
    4. Evaluation plan for prototype exercise
    5. Description of prototype
  • By week 7
    6. Operational prototype with key fault tolerance features
    7. Workload simulation
    8. Instrumentation and data reduction capabilities
    9. Draft Description, plan for fault tolerance features
  • By week 10
    10. Evaluation and iteration of prototype
    11. Revised description, plan for fault tolerance features
Lean Risk Management Plan: Fault Tolerance Prototyping (continued)
Responsibilities (The “Who” and “Where”)
  • System Engineer: G. Smith
    • Tasks 1, 3, 4, 9, 11, support of tasks 5, 10
  • Lead Programmer: C. Lee
    • Tasks 5, 6, 7, 10 support of tasks 1, 3
  • Programmer: J. Wilson
    • Tasks 2, 8, support of tasks 5, 6, 7, 10
Approach (The “How”)
  • Design-to-Schedule prototyping effort
  • Driven by hypotheses about fault tolerance-performance effects
  • Use multicore processor, real-time OS, add prototype fault tolerance features
  • Evaluate performance with respect to representative workload
  • Refine Prototype based on results observed
Resources (The “How Much”)
  • $60K - Full-time system engineer, lead programmer, programmer (10 weeks)*(3 staff)*($2K/staff-week)
  • $0K - 3 Dedicated workstations (from project pool)
  • $0K - 2 Target processors (from project pool)
  • $0K - 1 Test co-processor (from project pool)
  • $10K - Contingencies
  • $70K - Total
FED Development Process Framework
• As with other ICM artifacts, FED process and content are risk-driven
• Generic set of steps provided, but need to be tailored to situation
  • Can apply at increasing levels of detail in Exploration, Validation, and Foundations phases
  • Can be satisfied by pointers to existing evidence
  • Also applies to Stage II Foundations rebaselining process
• Examples provided for large simulation and testbed evaluation process and evaluation criteria
Steps for Developing Feasibility Evidence
• Develop phase work-products/artifacts
  • For examples, see ICM Anchor Point Milestone Content charts
• Determine most critical feasibility assurance issues
  • Issues for which lack of feasibility evidence is program-critical
• Evaluate feasibility assessment options
  • Cost-effectiveness, risk reduction leverage/ROI, rework avoidance
  • Tool, data, scenario availability
• Select options, develop feasibility assessment plans
• Prepare FED assessment plans and earned value milestones
  • Try to relate earned value to risk-exposure avoided rather than budgeted cost
“Steps” denoted by letters rather than numbers to indicate that many are done concurrently
Steps for Developing Feasibility Evidence (continued)
• Begin monitoring progress with respect to plans
  • Also monitor project/technology/objectives changes and adapt plans
• Prepare evidence-generation enablers
  • Assessment criteria
  • Parametric models, parameter values, bases of estimate
  • COTS assessment criteria and plans
  • Benchmarking candidates, test cases
  • Prototypes/simulations, evaluation plans, subjects, and scenarios
  • Instrumentation, data analysis capabilities
• Perform pilot assessments; evaluate and iterate plans and enablers
• Assess readiness for Commitment Review
  • Shortfalls identified as risks and covered by risk mitigation plans
  • Proceed to Commitment Review if ready
• Hold Commitment Review when ready; adjust plans based on review outcomes
Large-Scale Simulation and Testbed FED Preparation Example
Example of FED Risk Evaluation Criteria
• Negligible
  • Anticipated 0-5% budget and/or schedule overrun
  • Identified only minor shortfalls and imperfections expected to affect the delivered system
• Low
  • Anticipated 5-10% budget and/or schedule overrun
  • Identified 1-3 moderate shortfalls and imperfections expected to affect the delivered system
• Moderate
  • Anticipated 10-25% budget and/or schedule overrun
  • Identified >3 moderate shortfalls and imperfections expected to affect the delivered system
• Major
  • Anticipated 25-50% budget and/or schedule overrun
  • Identified 1-3 mission-critical shortfalls and imperfections expected to affect the delivered system
• Severe
  • Anticipated >50% budget and/or schedule overrun
  • Identified >3 mission-critical shortfalls and imperfections expected to affect the delivered system
Conclusions
• Anchor Point milestones enable synchronization and stabilization of concurrent engineering
  • Have been successfully applied on small to large projects
  • CCPDS-R large project example provided in backup charts
• They also provide incremental stakeholder resource commitment points
• The FED enables evidence of program feasibility to be evaluated
  • Produced by developer
  • Evaluated by stakeholders, independent experts
• Shortfalls in evidence are sources of uncertainty and risk, and should be covered by risk management plans
• Can get most of benefit by adding FED to traditional milestone content and reviews
References
• B. Boehm and W. Hansen, “The Spiral Model as a Tool for Evolutionary Acquisition,” CrossTalk, May 2001.
• B. Boehm, A.W. Brown, V. Basili, and R. Turner, “Spiral Acquisition of Software-Intensive Systems of Systems,” CrossTalk, May 2004, pp. 4-9.
• B. Boehm and J. Lane, “Using the ICM to Integrate System Acquisition, Systems Engineering, and Software Engineering,” CrossTalk, October 2007, pp. 4-9.
• J. Maranzano et al., “Architecture Reviews: Practice and Experience,” IEEE Software, March/April 2005.
• R. Pew and A. Mavor, Human-System Integration in the System Development Process: A New Look, National Academy Press, 2007.
• W. Royce, Software Project Management, Addison Wesley, 1998.
• RQ-4A/B Global Hawk High Altitude, Long Endurance, Unmanned Reconnaissance Aircraft, USA, http://www.airforce-technology.com/projects/global/, accessed on 8 July 2008.
• R. Valerdi, “The Constructive Systems Engineering Cost Model,” Ph.D. dissertation, USC, August 2005.
CrossTalk articles: www.stsc.hill.af.mil/crosstalk
Backup Charts
Case Study: CCPDS-R Project Overview
Characteristic: CCPDS-R
• Domain: Ground based C3 development
• Size/language: 1.15M SLOC Ada
• Average number of people: 75
• Schedule: 75 months; 48-month IOC
• Process/standards: DOD-STD-2167A; Iterative development
• Environment: Rational host; DEC host; DEC VMS targets
• Contractor: TRW
• Customer: USAF
• Current status: Delivered On-budget, On-schedule
Reference: [Royce, 1998], Appendix D
Rational Software Corporation
CCPDS-R Reinterpretation of SSR, PDR
[Figure: Development Life Cycle timeline, axis 0 to 25. Phases: Inception, Elaboration, Construction; Architecture Iterations, Release Iterations. Milestones: SSR, IPDR, PDR, CDR; Contract award; (LCO), (LCA). Callouts: High-risk prototypes; Architecture baseline under change control; Working Network OS with validated failover; Early delivery of “alpha” capability to user.]
• Competitive design phase:
  • Architectural prototypes
  • Planning
  • Requirements analysis
CCPDS-R Results: No Late 80-20 Rework
• Architecture first
  - Integration during the design phase
  - Demonstration-based evaluation
• Risk Management
• Configuration baseline change metrics:
[Figure: Hours/Change (axis 10 to 40) versus Project Development Schedule (axis 15 to 40). Curves: Design Changes; Implementation Changes; Maintenance Changes and ECP’s.]
List of Acronyms
CD: Concept Development
CP: Competitive Prototyping
DCR: Development Commitment Review
DoD: Department of Defense
ECR: Exploration Commitment Review
EV: Expected Value
FCR: Foundations Commitment Review
FED: Feasibility Evidence Description
GAO: Government Accounting Office
ICM: Incremental Commitment Model
KPP: Key Performance Parameter
MBASE: Model-Based Architecting and Software Engineering
OCR: Operations Commitment Review
RE: Risk Exposure
RUP: Rational Unified Process
V&V: Verification and Validation
VB: Value of Bold approach
VCR: Valuation Commitment Review